The current and planned versions of trusted platform modules (hereinafter, “TPMs”) use an asymmetric key as the root of a key hierarchy. The asymmetric key is in the form of a storage root key (hereinafter, “SRK”). A private portion of this storage root key (hereinafter, “SRKpriv”) is created on the TPM, and the TPM is designed not to output the SRKpriv key. A key hierarchy can then be constructed by “attaching” keys to the SRK using its public key, and then attaching further keys to those keys. This forms a chain of protections in which each key protects the next, with the SRK as the root of the protection.
As a result of protecting a key hierarchy in this manner, disclosure of SRKpriv would allow someone to access any key in the hierarchy by opening each key in the hierarchy successively. Because of the importance of protecting the SRKpriv, attempts have been made to make TPMs tamper resistant. Designing and testing tamper resistance is costly both in time and money. The present implementations can offer more secure configurations with less or no potential downside.
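The following added example (not part of the original text and not TPM code) models the hierarchy described above to show why SRKpriv is the single point of failure: each child private key is stored encrypted under its parent's public key, so whoever holds the root private key can open every key in turn. It assumes textbook RSA without padding and fixed Mersenne primes as constructed sample values; the function names are hypothetical and none of this is secure.

```python
# Constructed model of an SRK-rooted hierarchy: textbook RSA, fixed Mersenne
# primes, no padding. Illustrative only; a real TPM uses none of these shortcuts.
E = 65537

def make_key(p_bits, q_bits):
    """Toy RSA key pair from two Mersenne primes 2^k - 1 (assumed sample values)."""
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(key):
    """Public portion only; this is all that is needed to attach a child."""
    return {"n": key["n"], "e": key["e"]}

def attach(child, parent_pub):
    """'Attach' a child: encrypt its private exponent under the parent's public key."""
    assert child["d"] < parent_pub["n"], "child private key must fit in parent modulus"
    wrapped = pow(child["d"], parent_pub["e"], parent_pub["n"])
    return {"pub": public(child), "wrapped_d": wrapped}

def open_chain(root_priv_d, root_pub, blobs):
    """Open each key in the hierarchy successively, starting from the root private key."""
    d, pub, opened = root_priv_d, root_pub, []
    for blob in blobs:
        d = pow(blob["wrapped_d"], d, pub["n"])  # parent private key unwraps the child
        pub = blob["pub"]
        opened.append(d)
    return opened

def build_hierarchy():
    """SRK -> storage key -> leaf key; the wrapped blobs live outside the TPM."""
    srk = make_key(521, 607)      # srk["d"] plays the role of SRKpriv
    storage = make_key(127, 107)  # attached to the SRK
    leaf = make_key(89, 61)       # attached to the storage key
    blobs = [attach(storage, public(srk)), attach(leaf, public(storage))]
    return srk, storage, leaf, blobs

if __name__ == "__main__":
    srk, storage, leaf, blobs = build_hierarchy()
    opened = open_chain(srk["d"], public(srk), blobs)
    print("every key recovered from SRKpriv:", opened == [storage["d"], leaf["d"]])
```

The wrapped blobs and public keys can be stored anywhere; in this model only the value standing in for SRKpriv has to stay inside the protected boundary.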